check_for_spam_reply_to() uses get_address_commonality_ratio(), which checks to see how many characters the two addresses have in common. Why not compare the domains of the hosts for equality? Take the last three parts of the hostname for two letter TLDs ("foobar.co.uk") and the last two parts for everything else ("foobar.info") and compare them.
I'm guessing that there's places that either have different TLDs in their Reply-To (sent from "foobar.com" and reply to "foobar.net"), or have slightly different general domains (sent from "foobar1.com" and reply to "foobar2.com"). How common is this? How many false positives would be gotten if the domain names were compared for complete equality? Also, why are the user names included in the comparison? If the from and reply-to user names are long and very different, but come from the exact same domain, I wouldn't consider this spamish, but it might set of the rule as it currently stands. -- Visit http://dmoz.org, the world's | Give a man a match, and he'll be warm largest human edited web directory. | for a minute, but set him on fire, and | he'll be warm for the rest of his life. [EMAIL PROTECTED] ICQ: 132152059 | _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk